Tag Archives: mobileforensics

…statistically speaking producing an almost psychic ability to determine today’s paramount app is about the same as producing winning lottery numbers for each lotto across the US everyday!… Continue reading →

Understanding that there is a considerable amount of location information and geo related data within a mobile device is the first step. Being able to locate and recover that information is the second, often missed, step. Continue reading →

Processing of an Android device with a solution running on a Windows computer can at times be difficult. Not because of windows, but because of the many different types of Android device profiles available. At last count there were over … Continue reading →

In @Accessdata MPE+ you now have the ability to import many different image types. Not only can you import any Accessdata AD1 files you can import compressed folders, TAR, DD, YAFFS, YAFFS2, EXT (all flavors), FAT, IPD and what I … Continue reading →

A little bit of a layoff on the blog due to some crazy class schedules, but hey I am here again at 30,000 feet so what the heck. Lets talk about AccessData’s FTK. I have been messing with AccessData’s new … Continue reading →

An iPhone 3G was received for analysis. The owner had reportedly taken video of an assault and subsequently deleted the video. The device was user jailbroken and had the “Cycorder” app installed. This app uses the onboard still camera with … Continue reading →

Lets talk about phones! Of course the first step should be ALWAYS to isolate the handset from the cellular network but most important step when EXAMING the cellular device. FILESYSTEM, FILESYSTEM, FILESYSTEM. Did I say filesystem. The filesystem, if available, … Continue reading →

This blogging will be quite interesting and I think might help express the ideas and theories I always yell at students about in class (sorry students but passion is passion). I think I will start a series on process. Let’s … Continue reading →

Hey we have started the MFI 303 course where we cover grabbing some serious artifacts from the cellphone fileystems. Do you know that the majority of cellular extraction tools only parse out about 40% of actual data. What I mean … Continue reading →